DKIM not working / not signing

Submitted by Baterka on Thu, 08/22/2019 - 07:56

After enabling DKIM in Virtualmin/Email Settings/DomainKeys Identified Mail emails are still not signed.

dkim service is running and on right port. Postfix config is also right.

I tried every fix what I found here on forums and on stackoverflow but nothing works. This is serious bug I think.

Parent issue: 
#41784: DKIM Not signing messages
Status: 
Needs work
Files: 
Image icon screenshot_from_2020-01-16_01-54-02.png

Comments

Submitted by andreychek on Thu, 08/22/2019 - 10:06

Howdy -- I wasn't able to reproduce a problem on my test server with DKIM, and other than yours we haven't been receiving reports of problems with it.

While it is possible there could be a bug, there's other explanations too. Our suggestion would be to troubleshoot the issue by creating a new thread in the Forums, and if it's determined that there's a bug, we can look deeper into it at that point.

Submitted by Baterka on Fri, 10/04/2019 - 05:33

I tested today with new clean install of Debian 9. It 100% not signing emails.

Submitted by Baterka on Fri, 10/04/2019 - 05:52

I found it! There is problem with autoconfig. Postfix is configured to port 8891, but dkim is listening on socket! I changed dkim to listen on 8891@localhost and emails are signed now

Submitted by sinjab on Tue, 01/14/2020 - 00:16

I encountered this problem too on fresh Ubuntu 18.04. Editing /etc/opendkim.conf to listen to 8891@localhost solved the problem.

Ilia's picture
Submitted by Ilia on Tue, 01/14/2020 - 03:54

Assigned: Unassigned »

I will assign this to Joe for re-view, as possibly there is something that install.sh script could do something about it.

Submitted by sinjab on Wed, 01/15/2020 - 04:40

I have just installed a fresh Ubuntu 18.04 then installed Virtualmin. The problem happened again. However, I have more information.

The install.sh script has nothing to do with it. Because opendkim is not installed by the install.sh script. It's installed when you go to "Email Settings > DomainKeys Identified Mail" then press "Install" then "enable" it.

The command apt-get -y -f install opendkim will be executed. Then this message will be shown:

Configuring mail server to use DKIM filter

The /etc/opendkim.conf will be created with those lines:

#Socket                  inet:8892@localhost
Socket                  local:/var/run/opendkim/opendkim.sock


Also those lines will be added to /etc/postfix/main.cf:

smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891


So, to correct the problem you have to edit /etc/opendkim.conf like this:

Socket                  inet:8891@localhost
#Socket                  local:/var/run/opendkim/opendkim.sock


Then restart opendkim.

Ilia's picture
Submitted by Ilia on Wed, 01/15/2020 - 07:39

Thanks for sharing details! I think it will be useful for future readers but in fact, it looks like OpenDKIM package (on Ubuntu) problem itself.

Ilia's picture
Submitted by Ilia on Wed, 01/15/2020 - 16:57

Assigned: »

I have taken a closer look on clean Ubuntu 18.04 install and it appears that OpenDKIM's config, by default listens for milter connections on:

Socket          local:/var/run/opendkim/opendkim.sock

..while nothing added automatically to Postfix.

When you run Email Settings/DKIM and enable it, it's getting configured the way you described.

It appears as a bug (overwatch), as at certain point Ubuntu 18 seems to be switched to using listening on socket rather than on interface.

Thanks for reporting, I will pass it to Jamie for review and a fix. Jamie, have a look at the attached screenshot.

Submitted by JamieCameron on Sun, 01/19/2020 - 20:12

This one should be fixed in the next Virtualmin release, although it may require disabling and re-enabling DKIM in Virtualmin.

Submitted by Lucian on Mon, 04/20/2020 - 10:24

Hi,

Hopefully this will be fixed in the next vmin version, but just wanted to do a "+1", I encounter this error in Debian 10 as well, the fix is trivial as Baterka described above.

Ilia's picture
Submitted by Ilia on Wed, 04/22/2020 - 08:13

Okay, do you have the following file on your server?

/etc/opendkim.conf


If so what its content?

Here is the patch.

Submitted by Lucian on Wed, 04/22/2020 - 08:18

Thanks Ilia,

I'm good with the signing once I've set opendkim to listen to tcp as opposed to socket. Just wanted to enforce the fact this is indeed a bug affecting multiple platforms, that's it.

Sorry for the noise :)

Ilia's picture
Submitted by Ilia on Wed, 04/22/2020 - 08:21

Just wanted to enforce the fact this is indeed a bug affecting multiple platforms, that's it.

Yeah, and I fixed that in the patch above. So do you have /etc/opendkim.conf file on your Debian 10 install? :)

Submitted by Lucian on Wed, 04/22/2020 - 08:31

Yes, I do and it's working, thanks for the patch! :)